[openwrt/openwrt] dropbear: add ed25519 for failsafe key

LEDE Commits lede-commits at lists.infradead.org
Sat Aug 12 02:49:52 PDT 2023


hauke pushed a commit to openwrt/openwrt.git, branch openwrt-22.03:
https://git.openwrt.org/503aa7f9fbb3ca73437aeb2adf492dd8f1d2ab7f

commit 503aa7f9fbb3ca73437aeb2adf492dd8f1d2ab7f
Author: Etienne Champetier <champetier.etienne at gmail.com>
AuthorDate: Mon Jul 10 07:56:05 2023 +0200

    dropbear: add ed25519 for failsafe key
    
    At least Fedora and RHEL 9 set RSAMinSize=2048, so when trying to use
    failsafe, we get 'Bad server host key: Invalid key length'
    To work around the issue, we can use: ssh -o RSAMinSize=1024 ...
    
    Generating 2048 bits RSA is extremely slow, so add ed25519.
    We keep RSA 1024 to be as compatible as possible.
    
    Signed-off-by: Etienne Champetier <champetier.etienne at gmail.com>
    (cherry picked from commit 6ac61dead99ff6b9df00c29b7a858772449718b2)
---
 package/network/services/dropbear/files/dropbear.failsafe | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/package/network/services/dropbear/files/dropbear.failsafe b/package/network/services/dropbear/files/dropbear.failsafe
index a98ede459a..97bd12d58a 100755
--- a/package/network/services/dropbear/files/dropbear.failsafe
+++ b/package/network/services/dropbear/files/dropbear.failsafe
@@ -1,8 +1,9 @@
 #!/bin/sh
 
 failsafe_dropbear () {
-	dropbearkey -t rsa -s 1024 -f /tmp/dropbear_failsafe_host_key
-	dropbear -r /tmp/dropbear_failsafe_host_key <> /dev/null 2>&1
+	dropbearkey -t rsa -s 1024 -f /tmp/dropbear_rsa_failsafe_host_key
+	dropbearkey -t ed25519 -f /tmp/dropbear_ed25519_failsafe_host_key
+	dropbear -r /tmp/dropbear_rsa_failsafe_host_key -r /tmp/dropbear_ed25519_failsafe_host_key <> /dev/null 2>&1
 }
 
 boot_hook_add failsafe failsafe_dropbear
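
Review bot: in failsafe_dropbear, neither dropbearkey call is checked before both key paths are passed to dropbear with -r, so if the new ed25519 generation fails, dropbear is started with a -r argument that points at a file that was never written. Whether dropbear then still comes up with only the RSA key is not visible from this hunk, and failsafe is the last place where a silent SSH startup failure is acceptable, so consider building the -r arguments only from the dropbearkey calls that returned success. A one-line comment in the script saying that the 1024-bit RSA key is kept purely for compatibility with older clients, as the commit message explains, would also help, since the script alone no longer shows why a key that Fedora and RHEL 9 clients reject is still generated.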



